Note: This is an archival copy of Security Sun Alert 200015 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000012.1.
Article ID : 1000012.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-06
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Solaris 10 Sun Update Connection Web Proxy Password Disclosure Vulnerability


Release Phase

Sun Update Connection - System
Solaris 10 Operating System

Bug Id

Date of Resolved Release


Solaris 10 with Sun Update Connection Services, a web proxy password may be visible to unauthorized local users on the affected system and also in the web proxy log files at the web proxy server. In addition, this issue prevents Sun Update Connection from authenticating to the web proxy server.

Sun Acknowledges with thanks Nicholas Brealey of Culham Electromagnetics and Lightning for bringing this issue to our attention.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 with patches 119107-01 through 119107-03 and without patch 119107-04

x86 Platform

  • Solaris 10 with patches 119108-01 through 119108-03 and without patch 119108-04

Note: This issue occurs only when Sun Update Connection is configured to use a web proxy with password authentication enabled.


Sun Update Connection with proxy authentication enabled does not work. Password may be visible in web proxy log files.


There is no workaround for this issue. Please see the Resolution section below.


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 119107-04 or later

x86 Platform

  • Solaris 10 with patch 119108-04 or later

Note: Your web proxy password may have been compromised. It is advisable to change your web proxy password



This solution has no attachment